Security Event Managers (SEMs) provide a security monitoring solution for enterprises which is based on collecting data on events in the network from various sources, analyzing and correlating the events to identify security events. The SEM reports the security events it identifies or provides an automatic response to them. SEMs are also referred to as Security Information Mangers (SIMs), or Security Information and Event Managers (SIEMs).
SEM data sources might include intrusion detection and prevention (IDP) systems, firewalls, security applications, operating systems, logs of network devices, and more.
SEM has to cope with a large amount of raw data and alerts generated by network devices, security mechanisms, and hosts.
Some of the challenges that SEMs and SEM users experience are: (a) A high rate of false-positive security alerts; (b) Non effective enough prioritization of the security events; (c) A complex set of rules which has to be configured manually in order to govern the event correlation and reporting; (d) Limited contextual information for assisting security analysts in handling security events identified by the SEM.